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(54) Module for personalizing content according to instruction contained in a voucher for devices 



(57) A method and apparatus are provided for per- 
sonalizing content on a mobile phone, device or termi- 
nal, as any other type of user equipment", instead of the 
personalization being performed by a network infra- 
structure device such as a voucher server. The mobile 
phone, device or terminal has a voucher-driven on-de- 
vice content personalization module for personalizing 
the content based on information contained in a rights 
expression voucher that accompanies the content. The 
mobile phone, device or terminal personalizes the con- 
tent without server-side support from the wireless net- 
work infrastructure. The rights expression voucher con- 
tains information that controls the content personaliza- 



tion in the device. When the device or terminal receives 
content with this kind of rights expression voucher, it 
starts personalization operation according to personal- 
ization information. This personalization operation can 
personalize content to the same "individuals" as the 
server-based personalization. In addition, the device- 
based personalization operation can use personaliza- 
tion information not known by the voucher server (for 
example, device specific hardware operations). The 
personalization can be made by the local encryption of 
the content encryption key. 
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Description 

BACKGROUND OF THE INVENTION 

1 . Field Of Invention 

[0001 ] The present invention relates to a network; and 
more particularly relates to a network in which content 
is personalized by content creators or providers. 

2. Description of Related An 

[0002] In a known Digital Rights Management (DRM) 
system, there is a voucher that expresses usage rights 
of the content. The voucher gives rights for using : cop- 
ying : forwarding, saving, previewing, etc. The voucher 
is contained in a separate file. 

[0003] The voucher may include a field which is used 
by the content provider for binding content usage rules 
to a specific device using, for example, the International 
Mobile Equipment Identity (IMEI) code of a phone, a de- 
vice identifier (ID), etc. This is called content targeting 
or content personalization. Content is personalized by 
the content provider when generating the voucher (i.e. 
the value of the field is set). 

[0004] Operators want somehow to personalize con- 
tent, for example, to a specific Subscriber Identity Mod- 
ule (SIM) and thus limit content usage to that SIM. How- 
ever known personalization systems are all server- 
based and the problem with these systems has been 
typically solved with expensive hardware (HW) or some 
software (SW) based systems, which are not necessar- 
ily safe. Moreover, the known server-based content per- 
sonalization is not possible until there are proper down- 
load and key exchange protocols. The known server- 
based systems also need complex encryption schemes 
and protocols and also put an extra load on the network 
(when exchanging keys) and the content service provid- 
er. 

SUMMARY OF INVENTION 

[0005] In its broadest sense., the present invention 
provides a new and unique method and apparatus for 
personalizing content on a mobile phone, device or ter- 
minal, as any other type of user equipment, instead of 
the personalization being performed by a network infra- 
structure device such as a voucher server. The mobile 
phone, device or terminal has a voucher-driven on-de- 
vice content personalization module for personalizing 
the content based on information contained in a rights 
expression voucher that accompanies the content. The 
mobile phone, device or terminal personalizes the con- 
tent without server-side support from the network infra- 
structure. After personalization, the content is not usa- 
ble if the device used for personalization is not available; 
and the personalized content can only be used in com- 
mon with that device. The present invention makes this 



kind of functionality possible without server-side support 
from the network infrastructure. 

[0006] In operation, the mobile phone, device or ter- 
minal provides content personalization instead of a 
5 voucher server in the network. The rights expression 
voucher contains information that controls the content 
personalization in the device. When the device receives 
content with this kind of rights expression voucher, it 
starts personalization operation according to personal- 
is ization information. This personalization operation can 
personalize content to the same "individuals" as the 
server-based personalization. In addition, the device- 
based personalization operation can use personaliza- 
tion information not known by the voucher server (for 
example, device specific hardware operations). 
[0007] The personalization can be made by a local en- 
cryption of a Content Encryption Key (CEK), the content, 
the rights expression voucher itself, or a combination 
thereof, which may be encrypted using a key generated 
from a seed derived from information in the rights ex- 
pression voucher, or may alternatively be encrypted us- 
ing a device specific hardware function derived from in- 
formation in the rights expression voucher. The local en- 
cryption key is preferably not stored in the mobile phone., 
device or terminal. Instead, the local CEK encryption 
key is regenerated from the same seed when needed. 
This ensures that the content cannot be used if the seed 
for the key is not present. 

[0008] With the present invention, the content provid- 
er may describe to which device the content will be per- 
sonalized. The options may include, for example, the 
SIM or any other type of smart card or external, terminal 
connected module, IMEI, some terminal hardware (HW) 
function, the rights expression voucher itself, a terminal 
secret key, an application specific circuit (ASIC) or a 
hardware identifier (ID), or any other fixed. value from 
the device. 

[0009] The rights expression voucher has a field that 
provides the device or terminal with a method and pos- 
sible parameters, for example, information about the 
seed for the local encryption key, which are used for the 
local encryption of the CEK, the content, the rights ex- 
pression voucher itself or a combination thereof. In other 
words, the rights expression voucher provides informa- 
tion about how the content is to be bound to the device. 
For example, it provides the information: "use IMEI code 
as a seed." In contrast, it does not provide the IMEI itself. 
Alternatively, it can provide just the encryption method: 
"encrypt this using HW function X in the device." and 
optionally provide some parameters to that H W function, 
e.g. the seed. In the device, either a HW or SW imple- 
mentation module encrypts the CEK according to in- 
structions described in the rights expression voucher (e. 
g., by using the encryption key generated from the seed 
described in the rights expression voucher, or using a 
device specific HW function described in the rights ex- 
pression voucher), alternatively encrypts the whole con- 
tent (not just the CEK) in a similar way. 
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[001 0] The device to which the content is bound is not 
necessarily only the personalizing device itself, but may 
also be any other device coupled to the personalizing 
device, such as a SIM or any other type of terminal con- 
nected module. 

[001 1 ] One advantage of the present invention is that 
it does not need complex encryption schemes and pro- 
tocols. 

[0012] Another advantage of the present invention is 
that it solves the problem concerning the storage of the 
decryption key. When the key itself is not stored at all it 
is impossible to copy it into some other device. 
[0013] Another advantage of the present invention is 
that the content creator or provider can make decisions 
regarding the personalization of content without negoti- 
ating with the party that is delivering the personalized 
content to the end user or with the party that is receiving 
the content. 

[0014] Another advantage of the present invention is 
that it off-loads considerable data processing related to 
personalization from the voucher servers to devices. 
[0015] Another advantage of the present invention is 
that it adds additional security because the content spe- 
cific CEK is encrypted . 

BRIEF DESCRIPTION OF THE DRAWING 

[0016] The drawing, not drawn to scale, includes the 
following Figures: 

Figure 1 is a diagram of a wireless network having 
a network infrastructure and two terminals that 
forms the subject matter of the present invention. 
Figure 2 is a block diagram of a wireless terminal 
that forms the subject matter of the present inven- 
tion. 

Figure 3 is a diagram of a flow chart of the basic 
steps of the present invention. 
Figures 4-6 show steps for personalizing the con- 
lent in the flowchart shown in Figure 3. 

DETAILED DESCRIPTION OF INVENTION 

Figure 1 : The Basic Invention 

[0017] Figure 1 shows a wireless network generally 
indicated as 1 0 having a network infrastructure 11 , a first 
wireless phone : terminal or device 1 2, a content creator 
or provider 13 and a second wireless phone, terminal or 
device 14. Although the invention is described by way 
of example in relation to the wireless network 10, the 
scope of the invention is also intended to include non- 
wireless networks. 

[0018] According to the present invention, in the wire- 
less network 10 the wireless recipient 12 or 14 person- 
alizes content received from the content creator or pro- 
vider 13 instead of the personalization being performed 
by a network infrastructure device such as a voucher 
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server. The personalization of the content is based on 
information contained in a rights expression voucher 
that accompanies the content. The rights expression 
voucher contains information that controls the content 

5 personalization by the device 1 2 or 1 4. When the mobile 
phone, device or terminal 12, 14 receives content with 
this kind of rights expression voucher, it starts person- 
alization operation according to the personalization in- 
formation contained therein. The mobile phone, device 

io or terminal 12 ; 14 provides the content personalization 
instead of a voucher server in the wireless network in- 
frastructure 11 . After personalization, the content is not 
usable if the device used for personalization is not avail- 
able; and the personalized content can only be used in 

15 common with that device. 

Figure 2 

[0019] Figure 2 shows a block diagram of a wireless 

20 phone, device or terminal 15, like the wireless sender 
12 or the wireless recipient 14. The wireless device 15 
includes a signal processor 15a connected to a radio 
access network module 15b (connected to an antenna 
15c). a display module 15d, an audio module 1 5e, a mi- 

25 crophone 15f ; a read only memory 15g (ROM or 
EPROM), a keyboard module 15h ; a random access 
memory 15i (RAM) and a SIM 15j. The signal processor 
15a controls the operation of wireless terminal 15, the 
operation of which is known in the art. Moreover, the 

30 scope of the invention is not intended to be limited to 
any particular kind or type of the aforementioned ele- 
ments 15a, 15b 15j. For example, the scope of the 

invention is intended to include the radio access network 
module 15b being either an antenna module, a radio fre- 

35 quency (RF) module, a radio modem or the like. The 
wireless terminal 1 5 may also include many other circuit 
elements known in the art which are not shown or de- 
scribed. 

[0020] The wireless device 15 features a voucher- 
-to driven on-device content personalization module 1 5k for 
providing content personalization instead of the voucher 
server in the wireless network infrastructure 11 (Figure 
1). The voucher-driven on-device content personaliza- 
tion module 15k may be implemented using hardware, 
4 5 software, or a combination thereof. The module can be 
implemented either inside the device 15, or in an outside 
module, e.g. in a smart card. In a typical software imple- 
mentation, the voucher-driven on-device content per- 
sonalization module 15k would be a microprocessor- 
s' based architecture having a microprocessor, a random 
access memory (RAM), a read only memory (ROM), in- 
put/output devices and control, data and address buses 
connecting the same. A person skilled in the art of pro- 
gramming would be able to program such a microproc- 
55 essor-based implementation to perform the steps dis- 
cussed above, as well as the steps discussed below, 
without undue experimentation. The most typical imple- 
mentation of such a module would be as a part of a Dig- 
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ital Rights Management (DRM) engine. The DRM en- 
gine and its functionality for controlling digital rights are 
well known to the person skilled in the art. 

Figures 3-6- 

[0021] Figure 3 shows a flow chart having basic steps 
generally indicated as 30 of the voucher-driven on-de- 
vice content personalization that is the subject matter of 
the present invention. The method includes two impor- 
tant steps: 

In a first step 32 : the mobile phone : device or ter- 
minal 12, 14 in Figure 1 is provided content having 
a rights expression voucher with information that 
controls the content personalization therein. The 
content creator or provider 13 (Figure 1) typically 
provides the content. 

In a second step 34, the voucher-driven on-device 
content personalization module 15k in Figure 2 of 
the mobile phone ; device orterminal in Figure 1 per- 
sonalizes the content instead of the personalization 
being performed by the network infrastructure de- 
vice 11 (Figure 1) such as a voucher server. The 
personalization of the content is based on informa- 
tion contained in the rights expression voucher. 

[0022] In order to personalize the content., by way of 
example, the voucher-driven on-device content person- 
alization module 15k may do the following: 

Figure 4 shows a step 36, wherein the voucher-driv- 
en on-device content personalization module 15k 
personalizes content by using personalization infor- 
mation not known by the voucher server (for exam- 
ple, device specific hardware operations) to person- 
alize the content. 

Figure 5 shows a step 38, wherein the voucher-driv- 
en on-device content personalization module 15k 
personalizes content by encrypting the content en- 
cryption key the content the rights expression 
voucher, or a combination thereof using a key gen- 
erated from a seed derived from information in the 
rights expression voucher. 

Figure 6 shows a step 40 : wherein the voucher-driv- 
en on-device content personalization module 15k 
personalizes content by encrypting the CEK using 
the information contained in the rights expression 
voucher about a terminal or SIM specific seed for 
the local encryption key. 

[0023] The voucher-driven on-device content person- 
alization module 15k may use any one or a combination 
of the aforementioned steps. The scope of the invention 
is intended to include any personalization scheme 
known in the art, and is not intended to be limited to how 
the content is personalized by the voucher-driven on- 
device content personalization module 1 5k in the mobile 



phone, device or terminal 12, 14 in Figure 1 . 
[0024] In the present invention, the local CEK encryp- 
tion key is not stored in the mobile phone, device or ter- 
minal 12, 14; instead, the local CEK encryption key is 
5 regenerated, when needed, using the same information 
in the rights expression voucher used to determine the 
content personalization, to ensure that the content can- 
not be used if the device used for personalization is not 
present. 

w 

Scope of the Invention 

[0025] Accordingly, the invention comprises the fea- 
tures of construction, combination of elements, and ar- 
15 rangement of parts which will be exemplified in the con- 
struction hereinafter set forth. 

[0026] It will thus be seen that the objects set forth 
above, and those made apparent from the preceding de- 
scription, are efficiently attained and, since certain 
20 changes may be made in the above construction without 
departing from the scope of the invention, it is intended 
that all matter contained in the above description or 
shown in the accompanying drawing shall be interpreted 
as illustrative and not in a limiting sense. 

25 

Claims 

1. A method for personalizing content in a network 
30 having a network infrastructure, characterized in 

that a device personalizes content instead of the 
personalization being performed by a network infra- 
structure device such as a voucher server. 

35 2. A method according to claim 1, characterized in 
that the step of personalizing is based on informa- 
tion contained in a rights expression voucher that 
accompanies the content. 

•*o 3. A method according to claim 1, characterized in 
that the step of personalizing includes encrypting a 
content encryption key, the content, the rights ex- 
pression voucher, or a combination thereof using a 
key generated from a seed derived from information 

45 in a rights expression voucher. 

4. A method according to claim 1, characterized in 
that the step of personalizing includes generating 
a local encryption key from the same seed when 

so needed, instead of storing a local encryption key. 

5. A method according to claim 1, characterized in 
that the step of personalizing includes using a field 
contained in a rights expression voucher, the field 

55 providing the device a seed for a key which is used 
for the local encryption of a content encryption key. 

6. A method according to claim 5, characterized in 
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that in the device either a hardware or software im- 
plementation module is used to generate the key 
and encrypts the content encryption key using a 
seed, which is provided in the rights expression 
voucher. 

7. A method according to claim 1, characterized in 

that the step of personalizing includes using infor- 
mation related to either subscriber identity module, 
international mobile equipment identity, some ter- 
minal hardware function, the rights expression 
voucher, a terminal secret key, an application spe- 
cific integrated circuit or a hardware ID, or any other 
fixed value from the device. 

8. A method for personalizing content in a network, 
characterized in that the method comprises: 

providing a device content having a rights ex- 
pression voucher with information that controls 
the content personalization therein; and 
personalizing the content in the device in ac- 
cordance with the information contained in the 
rights expression voucher. 

9. A method according to claim 8, characterized in 
that the step of personalizing includes using device 
specific personalization information to personalize 
the content, including device specific hardware op- 
erations information. 

10. A method according to claim 8, characterized in 
that the step of personalizing includes making the 
personalization by the local encryption of a content 
encryption key, the content, the rights expression 
voucher, or a combination thereof. 

11. A method according to claim 8, characterized in 

' that the step of personalizing includes encrypting a 
content encryption key, the content, the rights ex- 
pression voucher, or a combination thereof using a 
key generated from a seed derived from information 
in a rights expression voucher. 

12. A device for operating in a network having a network 
infrastructure, characterized in that the device 
comprises a voucher-driven on-device content per- 
sonalization module for personalizing content in- 
stead of the personalization being performed by a 
network infrastructure device such as a voucher 
server. 

13. A device according to claim 12, characterized in 
that the voucher-driven on-device content person- 
alization module personalizes the content based on 
information contained in a rights expression vouch- 
er. 



14. A device according to claim 12, characterized in 
that the voucher-driven on-device content person- 
alization module uses personalization information, 
including device specific hardware operations, to 

5 personalize the content. 

15. A device according to claim 12, characterized in 
that the voucher-driven on-device content person- 
alization module makes the personalization by a lo- 

10 cal encryption of a content encryption key, the con- 
tent, the rights expression voucher, or a combina- 
tion thereof. 

16. A device according to claim 12, characterized in 

15 that the voucher-driven on-device content person- 
alization module encrypts a content encryption key, 
the content, the rights expression voucher, or a 
combination thereof using a key generated from a 
seed derived from information in a rights expression 

20 voucher. 

17. A network having a device and a network infrastruc- 
ture, characterized in that the device comprises a 
voucher-driven on-device content personalization 

25 module for personalizing content instead of the per- 
sonalization being performed by a network infra- 
structure device such as a voucher server. 

18. A network according to claim 1 7, characterized in 
30 that the voucher-driven on-device content person- 
alization module personalizes the content based on 
information contained in a rights expression vouch- 
er. 

35 19. A network according to claim 17, characterized in 
that the voucher-driven on-device content person- 
alization module uses personalization information, 
including device specific hardware operations, to 
personalize the content. 

40 

20. A network according to claim 17, characterized in 
that the voucher-driven on-device content person- 
alization module encrypts a content encryption key. 
the content, the rights expression voucher, or a 

45 combination thereof using a key generated from a 

seed derived from information in a rights expression 
voucher. 

21. A method according to claim 1, characterized in 
50 that the step of personalizing includes encrypting 

the content or the rights expression voucher itself 
using a key generated from a seed derived from in- 
formation in a rights expression voucher. 

55 22. A method according to claim 1 , characterized in 
that the step of personalizing includes encrypting a 
content encryption key, the content, the rights ex- 
pression voucher itself or a combination thereof us- 
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ing a device specific hardware function described 
in the rights expression voucher. 

23. A method according to claim 5, characterized in 
that the field provides a method which is used for s 
the local encryption of the content encryption key ; 
the content, the rights expression voucher itself or 
a combination thereof. 



24. A method according to claim 1 . characterized in io 
that the step of personalizing includes using a field 
contained in a rights expression voucher, the field 
providing the device, a device specific function 
which is used for the local encryption of a content 
encryption key. 15 



25. A method according to claim 8 ; characterized in 
that the step of personalizing includes encrypting a 
content encryption key : the content, the rights ex- 
pression voucher or a combination thereof using a 20 
device specific function derived from information in 
a rights expression voucher. 



26. A device according to claim 12, characterized in 

that the voucher-driven on-device content person- 25 
alizalion module encrypls a content encryption key : 
the content, the rights expression voucher or a 
combination thereof using a device specific function 
derived from information in a rights expression 
voucher. 30 



27. A network according to claim 17, characterized in 
that the voucher-driven on-device content person- 
alization module encrypts a content encryption key : 
the content, the rights expression voucher, or a 35 
combination thereof using a device specific function 
derived from information in a rights expression 
voucher. 



28. A method according to claim 1 : characterized in 40 
that the device to which personalized content is 
bound includes not only the device itself, but also 
other devices coupled to the device. 
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Figure 1 . Voucher-driven On-device 
Content Personalization Technique 
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Providing a mobile phone, device or terminal content having a rights 
express jon voucher with information that controls the content 
personalization therein 



Personalizing the content in the mobile phone, device or 
terminal in accordance with the information contained in 
the rights expression voucher 



Figure 3: The Basic Steps of the Invention 



Using device specific personalization information to 
personalize the content, including device specific hardware 
operations information 



Figure 4: A Step for Personalizing 
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Making the personalization by encrypting a content encryption 
key, the content, the rights expression voucher, or a combination 
thereof using a key generated from a seed derived from 
information in a rights expression voucher 



Figure 5: A Step for Personalization 



Encrypting a Content Encryption Key using a local encryption 
key, which is derived from a terminal or SIM specific seed 



Figure 6: A Step for Personalization 
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